The widespread transition of data from analog format to digital format has exacerbated problems relating to unauthorized copying and redistribution of protected content. Flawless copies of content can be easily produced and distributed via the Internet. This piracy is a major concern and expense for content providers.
Further, a new type of home consumer device for digital content management has been enabled by the advent of inexpensive, large-capacity hard disks. A movie rental box receives digital movies from some inexpensive source of data, usually a broadcast source (whether terrestrial or satellite-based). The movies do not have to be delivered in real time. Instead, they are stored on the hard disk, so that at any moment the hard disk contains, for example, the hundred hottest movies in the rental market. The consumer can simply select a particular movie and hit “play” to begin viewing a movie. The movie rental box periodically calls a clearing center and reports the consumer's content usage for billing purposes; the box may also acquire new decryption keys during this call.
The advantages the box provides to the consumer are obvious: he or she no longer has to go to the video rental store, and perhaps more importantly, does not have to return a rental tape or DVD. The consumer value proposition of movie rental boxes is so compelling it is estimated that there will be 20 million such boxes in the United States within five years.
Content providers need to know what security problems are associated with these boxes, i.e. how can a user get a movie without paying for it? The simple attack of merely disconnecting the box so that it cannot call the clearing center can achieve only a short-lived advantage because the clearing center can simply refuse to provide new decryption keys to such a box. Likewise, the periodic “calling home” makes detection of clone boxes relatively easy. The most serious attack is likely to be the so-called “anonymous” attack, wherein a user or a group of users purchase rental movies from legitimate movie rental boxes that have been instrumented so that the protected content and/or the decryption keys can be captured and redistributed, often over the Internet. This Napster-style attack with movies instead of music is the most urgent concern of the movie studios that are investigating content protection technology.
One solution to the problem is to differently watermark and differently encrypt each movie for each authorized movie rental box, so that if a movie were pirated the watermarking and encryption information would uniquely identify the compromised box. Alas, this solution is not feasible because of the excessive computing effort and transmission bandwidth required to prepare and transmit individualized movies. The distribution system is economical only if the movies can be distributed over broadcast channels, i.e. where every box gets substantially the same data at the same time.
To solve the broadcast problem, the approach known in the art as “tracing traitors” is used. In this approach, an original version of each movie file has been augmented before being broadcast. Specifically, the file that is actually broadcast has had at least one critical file segment replaced by a set of segment variations. Each file segment variation is differently encrypted and preferably also differently watermarked prior to encryption, although the entire file may be watermarked as well. All the variations in one segment are identical for viewing purposes. A receiver is given the cryptographic key to decrypt only one of the variations in each segment. If the receiver is compromised and is used to illegally rebroadcast either the keys or the segments themselves, it is possible to deduce which receiver or receivers have been compromised.
The tracing traitors approach has not been widely used in practice to date, because previously known methods required unreasonable amounts of bandwidth in the broadcast, due to the number of segments or variations required. This invention substantially reduces the bandwidth required.
An improved prior art solution using the tracing traitors approach is described in PCT patent application WO 99/19822 “System and Method for Discovering Compromised Security Devices” by Birdwell et al. The Birdwell abstract states:
“A data delivery system has a content server or other mechanism for delivering encoded content to multiple authorized clients. The authorized clients are equipped with security devices having decoding capabilities to decode the content. Unauthorized clients are prevented from decoding the content because they are not supplied with the decoding capabilities. As part of the data delivery system, a traitor detection system is provided to discover an identity of an authorized client that has been compromised and is illicitly transferring decoding capabilities to unauthorized clients. The traitor detection system generates different decoding capabilities and creates an association file which relates the different decoding capabilities to different authorized clients. The decoding capabilities are traced to determine which of them is illicitly transferred to an illegitimate user. In the event that one of the decoding capabilities is illicitly transferred, the traitor detection system consults the association file to identify one or more of the authorized clients that were originally supplied with the illicitly transferred decoding capabilities. The identified set of clients includes the compromised client. The process is repeated for the identified set of clients with a new set of decoding capabilities to successively narrow the field of possible pirating clients, until the compromised security device is precisely pinpointed.”
The Birdwell invention, however, requires the broadcaster to dynamically change the segment variations assigned to the individual receivers on the fly, based on instantaneous feedback on the rebroadcasted data. This simply does not work for applications like rental movie boxes, because the pirates have no urgent need to immediately rebroadcast the movies. For example, they can wait for months without losing substantial revenue, if that will help them defeat a tracing traitors scheme.
A method of distributing protected content that combats piracy and enables identification and revocation of compromised receivers in a broadcast encryption system without excessive transmission bandwidth overhead is therefore needed.